× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 1999

Re: Security Admin package for multi level security

  • Subject: Re: Security Admin package for multi level security
  • From: Jim Langston <jlangston@xxxxxxxxxxxxxxxx>
  • Date: Thu, 04 Nov 1999 13:54:13 -0800
  • Organization: Conex Global Logistics Services, Inc.
 
Actually, your description is partly correct regarding government
security clearance, but leaves something out.  That is called the
"Need to know".  Even though I have a secret security clearance
does not mean I have access to all data that is marked as secret.
I only have access to it if I have a "Need to know" the information.

If something is marked as Top Secret, and I have a Secret clearance,
I can never see that data, even if I have a need to know it, unless my
clearance is upgraded to Top Secret.

The AS/400 security handles this pretty well on a "Need to know"
basis if the security is set up correctly.  The security administrator
must determine the need to know any piece of information, or access
to a program.  All other data should be excluded, unless a need to
know is shown.

A notable exception to this rule, however, is the Security Officer,
who basically has all access to the system.  But then, the Security
Officer can be considered to have the "need to know" the entire
system.

Regards,

Jim Langston

"V. Leveque" wrote:

> I'm not sure how Bob/Martin would define it, but conventionally it is the
> security model followed for government classified information.  Each item of
> information has a classification, based on the consequences if disclosed
> (e.g., Top Secret means it would cause "grave harm" to national security if
> disclsed, etc.).  Each user is given a clearance level corresponding to how
> trustworthy they are(are they citizens?  Did they pass the polygraph test?
> Did they ever "inhale"?).  The higher the clearance you have, the higher the
> classification of information you can access.

<SNIP>

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.